kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
cgroupDriver: systemd
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
    cacheTTL: "2m"
  x509:
    clientCAFile: "/etc/kubernetes/pki/ca.pem"
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: "5m"
    cacheUnauthorizedTTL: "30s"
clusterDomain: "cluster.local"
clusterDNS:
{% if nodelocaldns.enabled %}
  - "{{ nodelocaldns.ip }}"
{% else %}
  - "{{ kubernetes.service_addresses | ansible.utils.next_nth_usable(10) }}"
{% endif %}
cpuManagerReconcilePeriod: 10s
containerLogMaxSize: 200Mi
containerLogMaxFiles: 10
maxPods: {{ kubernetes.kubelet_max_pods | default(110) }}
evictionHard:
  imagefs.available: 10%
  memory.available: 500Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
fileCheckFrequency: 20s
httpCheckFrequency: 20s
healthzBindAddress: 0.0.0.0
healthzPort: 10248
imageMinimumGCAge: 2m
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
rotateCertificates: true
runtimeRequestTimeout: 2m
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h
syncFrequency: 1m
volumeStatsAggPeriod: 1m
{% if kubernetes.version | regex_replace('v') is version("1.28.0","ge") %}
containerRuntimeEndpoint: unix://{{containerd.state}}/containerd.sock
imageServiceEndpoint: unix://{{containerd.state}}/containerd.sock
{% endif %}
{% if ansible_os_family in ['Debian'] %}
resolvConf: /run/systemd/resolve/resolv.conf
{% endif %}
